Slashdot Mirror
Bill Gates Talks about Belgian eID Card
Brainsur writes "Today Bill Gates visited Belgium to talk about the Electronic ID card introduced last year in Belgium as experiment. Microsoft announced that they will integrate the electronic identification into the Windows Software so they can deliver more security and privacy on the internet. The register has
more news."
How should I expect privacy when my computer has my ID card? I want my ID card in my pocket, so i know when it is readable by anyone.
vajk
"You must first open your passport .net account for us to verify your ID."
My thoughts exactly.
Yeah, on top of that security, it comes with a retina scan. It should not blow out your eye socket by beta 2 or release candidate 6.
Don't know which is worse - a country going full tilt down the electronic ID route (when even the perceived benefits are less than the cost), just because, you know, it's technology. Or Bill G saying it will make things more "secure"
For those countries that require ID, just why is the manual system that has been in place suddenly no good any more?
"She's furniture with a pulse"
Am I the only one wondering how a state-guaranteed ID card used for authentication will provide more _privacy_???
/c
Before attempting anything criminal, better report your eID card stolen.
Now user in belgium will effectively have MS passport in physical form.
In Canada, Businesses are forbidden to use SIN#s for tracking purposes and this is not that different. Maybe if it works there, he'll be able to use the US' ID cards the same way.
Oh and patent the fuck out of it, too.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
and knowing my way around windows, this has me somewhat frightened.
Hmm. There's a BIG question unanswered in this article.
Microsoft believes that combined with the eID Card MSN Messenger chatrooms will be much safer. Users would have a trustworthy way of identifying themselves online. The Belgian Federal Computer Crime Unit (FCCU) could even refuse young children access to certain chatrooms based on their electronic identity.
Now.. is the ID card REQUIRED to use the MSN service, or is it just another level of idenitifcation? One model, such as what Amazon.com uses for reviews, is to accredit reviews with a 'Real Name' sticker if it is indeed the poster's real name (as verified by their credit card). But it isn't required to actually post a review, only to get that extra level of verification.
Anybody else have a different take on it, did I miss this important point?
"There's no success like failure, and failure's no success at all."
- Bob Dylan
Any Fins here wish to comment?
This comment does not necessarily represent the views and opinions of the author.
I am a little confused by this. Distributing a card with a chip with a unique ID? I didn't think Borg cared about uniqueness when it came to assimilation?
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
It was the 4th of february, 1998. It happened.
Seven years later, he dares to come back.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
How long do you think it will take some bored script kiddie to end up tracking everyone and watching the results like a bad game of the sims.
Is it really all that beneficial to have this securing mechanisms?
Either way I am not gonna complain unless this effects Belgian Beer production.
Sigs? We don't need no stinking sigs!
$5 says this kind of thing (computer credentials linked to your "papers") finds its way into the various trusted computing initiatives...
Let's get drunk and delete production data!
...you don't want all that information following you? From TFA:
Just like the classical ID, the eID contains your photo, surname and first names, sex, nationality, place and date of birth, signature, national number as well as the validity period of the card.
Quite frankly, there are times I would like to use the Internet without all of that information following me around. There are sometimes online I just don't want to be identified! Even when I do want to be identified (using Canada as an example) the idea of even giving my SIN number to Microsoft sounds insane! I ccertainly wouldn't want that sort of sensitive information identifying me online. I'll stick to using my name...
After the overwhelming success of Passport it was only a matter of time until this happened!
Today I recieved an e-mail from my bank saying that they wanted to verify my new government ID with my bank acount information. All I had to do was to go to this site and have my reader scan my ID card. Gee, I'm sure glad my bank is tough on security.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Did Bill get a new PR firm? I've seem more Gates stories in the last week than most of last year? Is he trying to make a shift from IT Industrialist to High-Tech Cultural Pundit?
Looking at it from a marketing point of view, its like money in the bank for MS. Nothing like having your founder out there framing the next technological debate in terms of what you have coming out of the R&D lab.
the Commission balked at ``Windows XP Reduced Media Edition
You have to admit, it takes some serious nerve to suggest "Reduced Media Edition." I wonder what the less inflammatory proposals will be. Some ideas:
(Where The Phone Company tries to take over the world by implanting a phone in everybody's skull so they can make calls any time and any where... and be tracked...)
Is today International Assimilation Day or something?
These eID cards aren't all that bad.
Here in Belgium we are obligated to carry normal ID cards with us, so if those become one with a chip in them, it doesn't make that much a difference.
If you don't want to use it for identifying with msn, so don't.
On the other hand, they are fully supported on all sorts of unixes, so they might be handy to login your own system or whatsoever.
It's not like they're equiped with some sort of rfid so govmnt can track wherever you are.
"The day Microsoft makes a product that doesn't suck is the day they make a vacuum cleaner."
Why is it for some reason everything, be it national security, convenience for civil servants etc etc etc gets considered before privacy in issues such as National ID cards. Surely, as illustrated by the many valient efforts at DRM the technical ability is there to produce a modern doucment to validate ID and also protect privacy.
When we hear PR speak about DRM its all about how hard it is to crack etc etc etc, why cant the same technology be employed to control access to an ID card, and PREVENT unauthorised access?
The UK (and those who still have time) should resist ID card proposals, if they wish to remain free of these really scary proposals.
Im off to room 101 now.....
Of course they care! Post-assimilation is when you need a unique ID. Otherwise, how would you know if you're "Seven of Nine", "Six of One", or "Half Dozen of the Other"?
A marriage is always made up of two people who are prepared to swear that only the other one snores.
There are a couple of reasons why electronic IDs are being introduced:
- Counterfeiting IDs will be (nearly) impossible, due to the fact that all IDs have to be signed by the central government. No more reproducing/stealing blanks to get a fake ID.
- Currently your address data is printed on the ID card, which means getting a new ID whenever you move. Also the refresh rate for IDs is lower due to the fact that all data (including your picture) is on the chip and can be renewed.
- You will have a way to identify yourself online and use the internet for things you currently can only do in meatspace (government papers, official mails, taxes,
...); with a limited risk for identity theft (one would require access to the physical ID + a pass phrase)
I don't see why this is such a bad thing. Yes, we (I'm Belgian) will be on the cutting (bleeding?) edge w.r.t. the electronic ID technology, but there are actual benefits for us as well (not just the government).Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
xenophobia moderated insightful and informative. NICE.
-mkb
being a Belgian as well, I feel your pain, new cards are 4 times as expensive as the old ones and only last for half their time (5 years to 10), and for the time being you have to have a paper with you with your adress and stuff because most administrations can't read the card
oh and Billy boy said it was "the most secure identityverifaction Microsoft ever saw ".
Nah, I just made that shit up!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Well, im belgian, and this eID is actually a great advance for us, we will be able to fill out tax forms and other administrative forms, maybe vote and in the future us this eID as authentification for buying prescription drugs (yeah we get most of our medical costs paid for). It also solves a lot of problems between the different language communities we have around here, since a frenchman in flanders (where they speak dutch) could fill out his forms in french. This might seem a stupid problem but it has been a pretty huge on in belgium the last couple of years.
As for M$ using this to authenticate on their services? why not, as long as anyone can use our eID to guarantee some kind of secure log-in/transaction im 100% for it. I very much doubt Belium would let a foreign company take the monopoly of their eID market, im sure all they are trying to do is develop some kind of platform onto which outside companies could use our system.
Indeed this will mean that with time, you could make sure your Credit card could only be used by you (or anyone who stole your card, has an untracable card reader device AND has your 4 digit pin code). This of course makes online transactions much safer.
The only reason i see that Bill gates decided to integrate this to MSN messenger is because thats exactly the type of product that Billy loves (hence his introduction of similar cards in his company.)
So anyways, eID is great, that MS endorses it is not bad at all, as long as the procedure to endorse our future system will not be an MS product.
I am a Belgian citizen, studying in the US... so I guess I can reply to both angles of your post. It is true that Belgian has a large, mostly northern African, immigrant population. We allow foreigners with five years of residency to vote. So they do wield significant political power, but this is not necessarily a bad thing as you seem to insinuate. I have no idea what you mean by, "accelerating destruction of Western values and Western society", because values are not something the government should be involved with in the first place. However, there are a bunch of people who think along your lines, and they have formed the 'Vlaams blok' (http://vlaamsblok.be/site_engels_index.shtml if you want the English site). It is an anti-immigration party. It was recently declared illegal due to anti-racism laws. Immigration does cause many problems, and even though I don't support vlaams blok type thinking, I'm reasonably sure they will win an election in the near future. And it will be a good thing, because they will mess things up so badly that they wont gain support in the future, and in the meantime things will finally be fixed without going to either extreme. If you are really that worried about high (US-) educated foreigners staying in the US and destroying your precious western civilization... don't worry too much, we already have much stricter controls on us than the Belgian citizens in the article do. We have to pay for the government to track us (SEVIS), we get fingerprinted and photographed upon arrival in the US, we have to check in at the start of every year, and to do any work at all we need more approval than Michael Moore has here in Berkeley.
Everyone knows they were having their speed pass chips injected along with the colagen implants.
Seriously, silicone breast implants now come with rfid tags so that they can more readily be identified in case of problems with a particular production run or model, since about 1/4 of all new boobies are still silicone, despite health concerns. All you have to do is agree to 5 years of monitoring here and here for examples.
So now you don't have to guess - just get a remote reader (but that takes all the fun out of it).
Hehe. I started this post when the story was still in the mysterious future and it kept growing till, now when most everyone has already moved onto the next story. Oh well, might as well post it and this thread is as good of a spot as any.
I would actually be in favor of a Smart-card ID - especially if the citizen ID was just one uses of a generic smart card authentication system. The use of Social Security Numbers is inherently insecure. Every authentication system needs a public identifier, and at least one secret key. But as things stand right now SSN are treated as both an identifier and a key - it is impossible to be both public and secret simultaneously! It is scary how many institutions act as though anyone who can rattle off my SSN. Something like this could greatly decrease potential for identity theft and fraud, and frankly I don't think it will decrease my privacy any (more on that later).
Suppose you had a smart card which contained a readable id and public key, an non-readable private key (encrypted with a passcode), and a small amount of processing power. When you need to authenticate yourself, you would place the card in a a drive, and enter your passcode. The person requesting authentication would generate a challenge using the public key, and the drive would pass the challenge and passcode to the smart-card. The card would then use the private key to generate a response.
The nice thing about the smart-card doing the processing is that the private key would never leave the card. In fact, the user would not have to know anything about public/private keys (unlike PGP). And it follows the good policy of "something you have" (the card), "something you know" (the passcode), and could easily include the option of "something you are" (biometrics) for high security applications. But even without the biometrics, this would be infinitely more secure than SSN, more secure than a credit card or ATM, and on par with PGP signatures.
Then imagine that this is a standard authentication system - you have a card to authenticate that you are Citizen 123-45-678 for government programs, another to authenticate that you are VISA Card Holder 1111-2222-3333-4444 for purchases, another to authenticate that you are user on domain for login authentication, and yet another to authenticate that you are user@domain.com for signing and decrypting email. If there was a standard, there is no reason that the drive could not be built into all computers, greatly increasing the security of online financial transactions, and finally creating a user-friendly mechanism for encrypted communications.
In short it would solve a great deal of the security issues (or at least technical aspects thereof) that our rush into the digital world has created. Of course all the social engineering exploits are still there, and so we should never operate on the assumption that the system is infallible.
Now privacy. I don't like giving out my social security number more than anyone else. I have gone through great trouble to not give it to people that do not need it. But even so, there are a huge number of organizations that are entitled to it by law, and have a legitimate need for my personal information. Which brings up the real crux of the government privacy issue in my opinion: We asked the government to take care of our retirement, so they need some information to do that job. We asked the government to provide medical care and drug coverage for the elderly, so they need to know my medical record. We asked the government for all sorts of benefits and exceptions in the tax code, so they need to know the nitty-gritty details of my financial life. We asked the government to help pay for college, so they need to know even more information. And now people want to ask the government to provide everyone healthcare and that will erode my privacy even more. I have an idea - if we don't want the government to know everything about us how about we stop asking it to do everything for us. Until then all this cry for privacy
You have the privacy of the key and the door lock but your issuing authority has the ability to make another copy of the key "from their records" and unlock any door you have locked.
Contrapositively, any guy who muggs you and takes your house key isn't suddenly "you", but the same mugger who takes your ID is suddenly "you" "to the system" and will leave vapor-trail evidence of you-ness behind him as he goes.
Now if your ID card can't be authoratatively canceled and replaced then the thiefs access is total an perpetual. If it *can* be canceled and replaced, then the replacement ID still has to act as the "key" to open "the door". This, in turn, means that there is some fineite or infinite number of keys that can open your "door" because all of the old locked stuff needs to recognize every future permutation of your key.
Either that, or this is Palladium again, where there is nothing magical about the key and it is all in some central database that is actively scanned for each transaction, and so acts as real-time monitoring of the "identified" persons.
So, really, absolutely no privacy or completely illusitory security.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
For those who are interested:1 2000/index.ht ml
:)
http://eid.belgium.be/en/navigation/
It's the official website of the government about the eID card.
Flemish (Dutch-speaking part of Belgium) public television also has an interview with Bill Gates on this topic. You can find it on-line at http://www.vrtnieuws.net . Click "Internetsoftware voor Belgische identiteitskaart" and then "Ivan De Vadder interviewt Bill Gates". The interview is in English, although with Dutch subtitles. It can only improve your language skills
Interesting choice of country to be trying to do this in.
Some people in Belgium apparently don't like him. He got a pie in the face there.
http://www.bitstorm.org/gates/
Just because it CAN be done, doesn't mean it should!
As most Slashdot readers probably know, computer security has two distinct and separate functions: Authentication and Authorization. The first establishes that you are who you claim to be, the second establishes what you are and are not allowed to do. Authenticating yourself within a specific context, say a bank account transaction, is necessary within that context.
The danger in any type of universal form of authentiication is that it will be used for universal authorization. Many cities and states now suspend drivers licenses in order to collect fines, often for things completely unrelated to driving, such as failing to make child support payments, even for library fines. In time, any universal identification is sure to be abused on a much larger scale. The list of bureaucratic agencies that can red-flag your ID will grow, and so will the list of offenses that can make you unable to buy an airline ticket, rent a car, etc.
I read this pretty interesting snippet in the local Belgian newspaper (translated):
Gates went to the federal parliament, where he gave a talk about informatization of the government and society to a select number of members of parliament, and chairman of the house of parliament Herman De Croo. He received a number of questions concerning the topic of Free Software (open source), programmes anyone can use and modify for any purpose. "I explained that open source software functions well together with our software", Gates said and added that the existence of free software led to the price decrease of software.
Could it be? Positive words from Bill for Open Source Software? I guess it is because that eID works on open source software, but still..
I must say the parent post is very inflammatory, partisan, based on interpretations of plausible scenarios and very off topic. This type of discussion belongs in political fora, I don't think it has anything to do with "News for Nerds. Stuff that matters".
Oh, I'm a Belgian citizen too.
--- Sigmentation Fault - Comments Dumped
Perhaps not too late to mention our cards (I'm right here in Antwerp) are java smart cards...
For people who speak dutch: http://www.tweakers.net/nieuws/35324
Dependency hell? =>
Microsoft should soon be making this technology available worldwide with model 666.
There are better ways to conclude that some people don't like Bill. Pie throwers like throwing pies at people who act important, and who think they're important. Or something like that. It's an exciting hobby. An extreme sport.
They probably have wet dreams about smacking a pie in Bush's face, and surviving it.